section.io takes our users' security and privacy concerns seriously. We strive to ensure that user data is kept secure, and that we collect only as much personal data as is required to make our users' experience with section.io as efficient and satisfying as possible. We also aim to collect data in the most unobtrusive manner possible. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is sufficiently protected.
section.io utilizes some of the most advanced technology for Internet security commercially available today.
- section.io requires users to create a unique user name and password that must be entered each time a user logs on. section.io issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user.
- When a user accesses secured areas of our site, Secure Sockets Layer (SSL) technology protects user information using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons
- Passwords and credit card information are always sent over secure, encrypted SSL connections.
- Accounts which are SSL enabled ensure that the communications are transmitted over a secure, encrypted connection to the browser and to the origin.
- section.io Optimsiation Nodes are hosted in PCI DSS Level 1 Infrastructure
- Data center staffed and surveilled 24/7
- Data center secured by security guards, visitor logs, and entry requirements (passcards/biometric recognition)
- Digital surveillance equipment monitors the data center
- Environmental controls for temperature, humidity and smoke/fire detection
- MultiCDN capabilities for automated CDN availability management
- Multiple independent connections to Tier 1 Internet access providers
- Uptime monitored constantly, with escalation to section.io staff for any downtime
- Servers have redundant internal and external power supplies
- Firewall restricts access to all ports except 80 (http) and 443 (https)
- SSL integrity maintained between hops
- Access controls to sensitive data in our databases and systems are set on a need-to-know basis
- We maintain and monitor audit logs on our services and systems (we generate gigabytes of log files each day)
- We maintain internal information security policies, including incident response plans, and regularly review and update them
- Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding
- Latest patches applied to all operating system and application files
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet, or method of electronic storage, is perfectly secure. Therefore, we cannot guarantee absolute security. If section.io learns of a security breach or potential security breach, we will attempt to notify affected users electronically so that they can take appropriate protective steps. section.io may also post a notice on our website if a security breach occurs.
Keeping your data secure also depends on you ensuring that you maintain the security of your hosting environment.
If you have any questions about security on the section.io website, please email us at firstname.lastname@example.org.